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Claims 

1. A method for handling encrypted user data objects (vNDO) 
comprising the following steps: 

5 

Transmit a container object (DCF) to a first 
telecommunications device (A) , the container object (DCF) 
having a content section (lA) , in which an encrypted user 
data object (vNDO) is provided, and a description section 
10 (BA) , in which a determined checksum of the encrypted user 
data object (vNDO) is provided; 

Extract the checksum from the description section (BA) of 
the container object (DCF) ; 

15 

Re-determine the checksum of the encrypted user data object 
(NDO) provided in the content section (lA) of the container 
object (DCF) ; 

20 Compare the extracted checksum with the newly determined 
checksum so that, in the event that the two checksums 
tally, an error- free transmission of the encrypted user 
data object (vNDO) can be concluded. 

25 2. The method as claimed in claim 1, wherein a data 

provisioning component (D) provides user data objects (NDO) 
which are processed according to the following steps: 

Encrypt a user data object (NDO) provided on the data 
3 0 provisioning component (D) ; 

Determine a checksum of the encrypted user data object 
(vNDO) ; 
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Generate a container object (DCF) having a content section 
(lA) , in which the encrypted user data object (vNDO) is 

provided, and a description section (BA) , in which the 
5 determined checksum of the encrypted user data object 
(vNDO) is provided; 

Transmit the container object (DCF) from the data 
provisioning component (D) to the first telecommunications 
10 device (A) . 

3. The method as claimed in one of the claims 1 or 2 , 
wherein the container object (DCF) is transmitted to the 
first telecommunications device (A) by the data 

15 provisioning component (D) via at least one further data 
provisioning component or at least one further 
telecommunications device . 

4. The method as claimed in one of the claims 1 to 3 , 

2 0 wherein a rights object (RO) is generated for the encrypted 
user data object (vNDO) by the data provisioning component 
(D) , which rights object has assignment information 
(Content ID) for assigning the rights object (RO) to a 
container object (DCF) containing an encrypted user data 

25 object (vNDO) , decryption information for decrypting the 
encrypted user data object, and rights information for 
describing the usage rights of the encrypted user data 
object . 

30 5. The method as claimed in claim 4, wherein a confirmation 
object (DCFV) assigned to the rights object (RO) is 
generated by the data provisioning component (D) , which 
confirmation object has assignment information for 
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assigning the rights object (RO) to an encrypted user data 
object and a checksum of the encrypted user data object 
(vNDO) . 

5 6. The method as claimed in claim 5, which further 
comprises the following steps: 

Request on the part of the first telecommunications device 
(A) for the confirmation object (DCFV) assigned to the 
10 rights object (RO) to be transmitted to said devices- 
Transmit the confirmation object (DCFV) from the data 
provisioning component (D) to the first telecommunications 
device (A) ; 

15 

Extract the checksum from the confirmation object (DCFV) ; 

Compare the checksum extracted from the confirmation object 
with the newly determined checksum so that, in the event 
20 that the two checksums tally, compatibility of the rights 
object assigned to the confirmation object and the 
encrypted user data object transmitted to the first 
telecommunications device (A) in the container object (DCF) 
can be concluded - 

25 

7- The method as claimed in one of the claims 4 to 6, 
wherein a request is submitted on the part of the first 
telecommunications device (A) to transmit the rights object 
(RO) generated by the data provisioning component (D) to 
30 said telecommunications device. 



8. The method as claimed in one of the claims 4 to 6 , 
wherein the rights object (RO) is transmitted by the data 
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provisioning component (D) to the first telecommunications 
device (A) , in particular if compatibility has been 
established on the basis of an agreement of the checksums 
of the confirmation object assigned to the rights object 
5 and the encrypted user data object transmitted to the first 
telecommunications device in the container object. 

9. The method as claimed in one of the claims 1 to 8, 
wherein the following steps are performed following a 
10 successful comparison of the extracted checksum with the 
newly determined checksum: 

Request description information (BIl) relating to the 
content of the encrypted user data object (vNDO) from a 
15 data provisioning component (D) ; 

Transmit the requested description information (BIl) from 
the data provisioning component (D) to the first 
telecommunications device (A) ; 

20 

Check whether the content having the attributes specified 
in the description information (BIl) can be used by the 
first telecommunications device (A) . 

25 10. A method for handling encrypted user data objects 
(vNDO) comprising the following steps: 

Provide an encrypted user data object (vNDO) in a first 
telecommunications device (A) ; 

30 

Request description information (BIl) relating to the 
content of the encrypted user data object (vNDO) from a 
data provisioning component (D) ; 
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Transmit the requested description information (BIl) from 
the data provisioning component (D) to the first 
telecommunications device (A) ; 

5 

Check whether the content having the attributes specified 
in the description information (BIl) can be used by the 
first telecommunications device (A) ; 

10 Request from the data provisioning component (D) upon 
successful checking of the attributes specified in the 
description information (BIl) a confirmation object (DCFV) 
which is assigned to a rights object (RO) assigned to the 
encrypted user data object in order to check the 

15 compatibility of the rights object and the encrypted user 
data object (vNDO) . 

11. The method as claimed in claim 10, wherein the rights 
object (RO) is transmitted by the data provisioning 

2 0 component (D) to the first telecommunications device (A) 

upon successful checking of the compatibility of the rights 
object and the encrypted user data object. 

12. The method as claimed in claim 10 or 11, wherein the 

25 encrypted user data object is provided in a content section 
(lA) of a container object (DCF) . 

13. The method as claimed in claim 12, wherein the 
container object (DCF) also has a description section (BA) 

3 0 in which a checksum of the encrypted user data object 

(vNDO) is provided. 
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14. The method as claimed in claim 13, wherein the address 
of the data provisioning component is also provided in the 
description section (BA) of the container object (DCF) for 
the purpose of requesting the description information 

5 and/or the confirmation object. 

15. The method as claimed in claim 13 or 14, wherein the 
confirmation object has a checksum of the encrypted user 
data object (vNDO) , the compatibility of the rights object 

10 and the encrypted user data object being checked by means 
of the following steps: 

Extract the checksum from the confirmation object (DCFV) ; 

15 Compare the checksum extracted from the confirmation object 
with the checksum provided in the description section (BA) 
of the container object (DCF) so that, in the event that 
the two checksums tally, the compatibility of the rights 
object assigned to the confirmation object and the 
2 0 encrypted user data object provided in the container object 
(DCF) transmitted to the first telecommunications device 
(A) can be concluded. 

16. The method as claimed in one of the claims 6 to 15, 
25 wherein a first confirmation message is sent by the first 

telecommunications device (A) to the data provisioning 
component (D) if the compatibility of the rights object 
assigned to the confirmation object and the encrypted user 
data object (vNDO) transmitted to the first 
30 telecommunications device (A) in the container object (DCF) 
has been established and/or wherein a second confirmation 
message is sent if the first telecommunications device has 
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received the rights object from the data provisioning 
component - 

17. The method as claimed in claim 1, 8 or 12 to 16, 
5 wherein charging information relating to the transmitted 

rights object (RO) is transmitted to the telecommunications 
subscriber assigned to the first telecommunications device 



10 18. The method as claimed in one of the claims 1 to 9 or 13 
to 17, wherein the checksum is a hash value calculated 
according to a hash algorithm. 

19. The method as claimed in one of the claims 1 to 18, 
15 wherein the first and/or the at least second 
telecommunications device are part of a first 
telecommunications network, in particular in the embodiment 
of a mobile radio network. 

20 20. The method as claimed in one of the claims 2 to 19, 

wherein the data provisioning component is part of a second 
telecommunications network. 

21. The method as claimed in one of the claims 1 to 20, 
2 5 wherein the first and/or second telecommunications device 

comprise a radio module and are embodied in particular as a 
mobile phone, a cordless telephone, or a portable computer. 



(A) . 



30 



22. The method as claimed in claim 21, wherein the data is 
transmitted from and to the first and/or second 
telecommunications device by means of WAP protocols. 
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23. The method as claimed in one of the claims 1 to 21, 
wherein the data is transmitted from and to the first 
and/or second telecommunications device by means of 
Internet protocols such as the Hypertext Transfer Protocol. 

5 

24. The method as claimed in one of the claims 1 to 23, 
wherein the user data objects contain text information, 
audio information, video information, executable programs, 
software modules or a combination of the aforesaid types of 

10 information. 

25. A telecommunications arrangement comprising a data 
provisioning system having at least one data provisioning 
component (D) and at least one first telecommunications 

15 device (A) , the telecommunications arrangement being 

designed for performing a method as claimed in one of the 
claims 2 to 24. 

26. A data provisioning component which is designed for 
2 0 performing a method as claimed in one of the claims 2 to 

24. 

27. A telecommunications device which is designed for 
performing a method as claimed in one of the claims 2 to 

25 24 . 



